Slashdot Mirror
FTC Adopts New Rule For Sexually Explicit Spam
enforcer999 writes "As you know, the CAN SPAM ACT preempted many state laws that were tougher on spammers. For instance, many of the laws that were enacted by states included a requirement that sexually explicit SPAM be labeled as such. The FTC, in charge of adopting rules, came up with a new rule that will require sexually explicit SPAM to be labeled as such. Hmm? I think the states were already trying to do this before the Federal government preempted them. Anyway, I wonder if it will work?"
Newsflash..
1.) Spammers don't obey the rule of law..
2.) Spammers can go offshore.
The way to deal with spam is to make it so it doesn't pay. Remember the illegal broadcast stations? The way we (in the UK) managed to shut them down was by making it *illegal* to advertise on them.
Do the same to spam and throw in a host of technical measures and we might be able to bring it under control
Isn't this just going to enable an industry to profit from the stygma of being "sexually explicit"?
This is the same thing that Rated X did for the adult movie industry.
Don't get me wrong, I'm relieved to see something finally being done about this but I think a stronger message should have been sent. Simply put, the email is unsolicited which means the recipient has no way to prevent the mail from arriving. Do you honestly think that curious teenagers who receive a sexually explicit content email (and it's labeled as such) aren't going to take a gander at it?
For that matter, I don't want my 10 year old having to sift through this stuff either. Sure, spam filters can do excellent work now but it's still not 100%.
Eric Sarjeant
eric[@]sarjeant.com
What defines sexually explicit??
"I may not be able to define it, but I know it when I see it."
Seriously, though. If any reasonable person on a jury in a court of law thinks that it's sexually explicit, then that's good enough.
Ha, ha! Nobody ever says Italy.
Your post advocates a
( ) technical
(X) legislative
( ) market-based
( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(X) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
(X) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
(X) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(X) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(X) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
(X) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
Suppose a new filter/protocol/etc. were developed which instantly blocked 99.9% of spammers. Might the inevitable remaining few become somehow particularly "lethal", e.g., to a then more credulous public?
(Sure, bandwidth would be conserved. But doesn't Moore's Law render bandwidth an eventual non-issue?)
Seeing bad movies only encourages them. Watch responsibly
Actually, what is needed is a clarification of existing computer-cracking law to the effect that any identifiable attempt to circumvent spam filtering is an illegal intrusion just like any other attempt to get into somebody else's computer without permission. The existing penalties for cracking are high enough to serve as a deterrent once a few high-profile scalps have been collected.
The spammer claims that "v1agr4" is just an innocent typo and not an attempt to get through filters? Tell it to the judge and see if he buys it.
/. If the government wants us to respect the law, it should set a better example.
Now that the federal government is getting tough on spam how much longer before the is a "war" on spam. This war on spam is brought to you by the same people that brought you the war on drugs and the war on poverty, so don't get your hopes up. I would rather the government kept the filthy little hands off the internet and email. I know that there are alot of people that hate spam but I hate television comercials a hell of a lot more then spam. I can't remember a time when the federal or my local government got involved in something and it turned out for the better. The less the government intrudes in our lives the better.
Truckers don't send out an identification number (IP number) every time they talk over the radio. Also, there is no way to prevent truckers from talking over a CB if they fake their identity (SPF: http://spf.pobox.com ).
When I was driving a tow truck, there was an incident where one of the dispatchers was worried that he would get fined for swearing. Fortunately, it turned out that he cut off the transmission in time. However, if it had gone through, he (or AAA) could have been fined. Unlike a trucker, he was identifiable and broadcasting from a defined place.
Same thing with television and radio, they keep the language within the guidelines because they can be prosecuted, fined, and/or suspended.
Open proxies and off shoring are more of a worry, but if they are selling in the US, some part of the transaction must take place in the US. That can be detected (they have to tell people how in the email or someplace accessible from the email) and blocked.
This is the same concept as leaving telnet and the guest account avliable or anon ftp: clearly, you want random people to access your system (or at least you didn't take any effort to prvent them from doing such). However, I have heard of cases of people being prosecuted for doing just that. I've also heard of cases that if a banner says "welcome" at all this somehow makes it a public system and open to attack (after all, the owner is welcomming you onto the system!)
We don't need new laws - we need better technology. SMTP is admittedly broken. There are ways to fix it.
espo
Why advocate a plain-text arbitrary (english) label at all? Why not use PICS labels for mass e-mail? If you're going to legislate labelling of some kind, at least do it in a flexible, extensible fashion.
Maybe I do want to receive sexually-explicit spam, just not too explicit. I'd like to tune my spam filters to suit that requirement, not along an arbitrary government-specified line.
If you are running a spam filter, you obviously do not want people to send spam to you. If someone sends you spam anyway, and does so in a manner that proves beyond reasonable doubt an intent to circumvent spam filtering (e.g. forged headers, alteration of filter-trigger words, misleading subject lines), he's trespassing.
I'm perfectly willing to allow someone to send spam, provided that it includes no features that can be identified as deliberate attempts to evade filtering. (As I said in the first message, the gray area of that criterion, like the unavoidable gray areas in many other laws, can be thrashed out in court on a case-by-case basis.) With that property-rights protection in place, it becomes a matter of free speech for the spammer and for the (few) people who would actually receive his spewings.
We don't need new laws - we need better technology.
We need both, just as we need both locks and police to secure physical property.
/. If the government wants us to respect the law, it should set a better example.
The result was: only about 2% of the spam would have gotten through. I think I can improve that rate by increasing my local spamtrap database to augment the larger one at cbl.absuseat.org. But even if I can't: 98% of spam eliminated in a 100% automated fashion, no tuning and tweaking and training. Completely automated spam removal, totally driven by the spammers themselves (they tell us what IP addresses they are using today by using them to send spam to a spamtrap address).
Greylisting + spamtrap RBL has some niggling problems, such as dealing with mailing lists that use a different sender address (and maybe even IP address) when they retry a tempfailed message. However, these problems seem manageable compared with solutions such as teaching every user to train a Bayesian filter.
To defeat greylisting + spamtrap RBL, spammers will have to locate all the spamtrap addresses in their databases and remove them. Good luck!
Greylisting + spamtrap RBL may not be a silver bullet, but it sure acts like one on my system.
Um, he did take effort to prevent spammers from sending him e-mail. Namely, he ran the spam filter. If he wasn't running the spam filter, then he wouldn't care if incoming spam was trying to circumvent it, now would he ?
It's like running SSH with no guest accounts. You want only certain people to have access. You have taken steps to ensure this. Sure, the SMTP server will accept the mail, just as the SSH server will accept an incoming connection; the authorization is done once the connection/e-mail has been accepted. And the spam-filter-circumventing spam is just like a script kiddie trying to use some new exploit in sshd to gain access, and should be just as illegal.
SMTP works fine. What we need is to start encrypting all e-mail with public-key encryption, and discarding all nonecrypted mail. This will make mass-mailing impossible, because each email will need to be encrypted separately for each receiver (mailig lists will be whitelisted by subscribers, of course).
There is no way a protocol can ever tell spam from legitimate mail, unless we implement the evil bit ;).
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
Seriously, though. If any reasonable person on a jury in a court of law thinks that it's sexually explicit, then that's good enough.
Don't you think we should at least require a majority of them? By the way, the FTC requires the label "[SEXUALLY-EXPLICIT]" on all e-mail which is "sexually oriented."
The problem with this kind of law is the significant risk of the law being thrown out as being too vague. If someone is tried under that law in Salt Lake City, "sexually oriented" might be interpreted to mean a picture of a woman wearing a skirt that doesn't cover her knees. A Los Angeles jury might decide that "sexually oriented" is nothing short of photos of full penetration. Is a text ad for a site that sells lingerie "sexually oriented"? How about an ad with photos of women in bikinis to advertise www.ladies-swimwear.com? Is that "sexually oriented" or is it a site about beachwear fashion?
It's not the government's role to decide what is, or is not, sexually oriented. They should simply make sending spam, or paying a third party to send spam, illegal. They should pass a law like Virginia's, which entitles a recipient to damages from the spammer if they win in a civil suit. They should require that ISPs investigate spam and take action within 48 hours of receiving notification, reporting back to those who filed the complaints about what, specifically, was done, and whether they know the identity of the spammer (so that people decide whether it's worthwhile to get a court order to sue the spammer). They should shut down the connections of those who send spam (I don't care if it's someone's moronic relative who clicked on an attached virus that turned their system into a spam relay).
Spam is theft. Period. It is theft of bandwidth, theft of storage, and theft of CPU time. It's not a free speech issue. It's not analogous to physical junk mail. It's not like telemarketing. Laws can be effective whether spam is sent from with within the US or offshore. If you disagree with me, then go here and read so that you don't waste your time and ours with old, tired, discredited arguments.